U.S. State Department Hacked

Keep on Guard!


So the U.S. government has been getting fairly hammered lately with breaches/attacks hitting the White House, USPS (Postal Service) and NOAA.

The latest victim of this onslaught has been the State Department, which had to totally shut down their email systems on November 14th after discovering various ‘areas of concern’.

U.S. State Department Hacked

I wonder who’s going to fall next after this? This seems to be a fairly sustained and systematic attack, perhaps from the same perpetrators (or ‘actors’ if I was to use the new trendy infosec language).

Over the course of the last several weeks, a number of high-profile U.S. federal networks have been breached by attackers. The latest organization to be breached is the U.S. State Department, which had to take its email system offline.

The breach at the State Department follows attacks against the White House, the United States Postal Service (USPS) and the National Oceanic and Atmospheric Administration (NOAA).

The Associated Press, which broke the story on the State Department hack on Nov. 16, indicated that the entire unclassified email system was potentially at risk. The actual State Department email shutdown occurred late Friday, Nov. 14, as areas of concern about the email system were discovered.

Currently, there is no official attribution for the source of the State Department email incident. In the NOAA and White House incidents, reports have alleged that nation-state actors from China and Russia were involved.

Bob Stratton, managing partner at cyber-security accelerator Mach37, told eWEEK that he was somewhat surprised at the State Department disclosure. In general, his view is that the State Department’s discussion of this attack is a constructive development.

“While perfect security is a laudable goal, users of information technology are coming to realize that these events occur even in the face of diligent effort,” Stratton said. “There is some value in not immediately assuming that IT operations and security organizations are incompetent so much as that they are enduring a continuing, innovative, determined stream of network attacks.”


Blame it on Russia or China right? That seems to be the standard answer when it comes to things like this. It is good to see it was announced though and not swept under the carpet like it usually is. It’ll be interesting to see if we get any actual meaty details though (like how the attackers got in, what kind of information was leaked, how they fixed the issues etc.).

But honestly, I don’t see that kind of openness happening any time soon. It would be nice though right?

At this point, Stratton added, he’s more curious about how quickly and effectively a breached agency or company can do damage assessment, and how long it takes for them to perform remediation of the breach with confidence that it was done effectively.

In the State Department incident, the email system was the target, which makes sense considering what sort of information might be present.

“An email system contains not only information regarding users in the directory services, but also a wealth of information in the emails themselves,” John Fitzgerald, CTO North America at Wave Systems, told eWEEK. “So if an attacker is able to gain access to internal data repositories—databases, email systems and file stores—a great amount of direct and indirect information can be gathered.”

There is no question that the use of email as a vehicle for delivery of attacks is extremely popular, and has been for a while, according to Stratton.

“It makes sense if one is trying to collect information on an organization that the attacker might be interested in what is arguably the most commonly used and perhaps most critical collaboration tool,” he said.

In terms of next steps for the government, Fitzgerald said the information gathered from the attacks should be used to investigate whether other areas of the infrastructure have been compromised and look for similar fingerprints in other information systems.

Stratton added that he expects the State Department will be doing a damage assessment to determine what exactly was breached, and the sensitivity and implications of that, as well as developing a remediation plan.

“The question in situations where there is a large set of stored information is, Is there some way that the consistent use of encryption might have prevented the loss of some of this information?” Stratton said. “That is no panacea either, but it can sometimes help to make extracting information through an attack more difficult for the attacker.”

I would imagine an organisation like the State Department has access to some pretty hot forensics/incident response teams though, so they should be able to a fairly quick and thorough investigation of what happened.

That is if it was handled properly and the evidence of tampering hasn’t already been destroyed by some heavy handed internal IT support staff member turning off servers and unplugging switches.

They should have a pretty tight IRP in place to handle things like this though, so the chain of evidence should be pretty legit. Yah, that was an awful lot of ‘shoulds’.

Source: eWeek

Posted in: Hacking News

,


Latest Posts:


Uber Paid Hacker To Hide 57 Million User Data Breach Uber Paid Hackers To Hide 57 Million User Data Breach
Uber is not known for it's high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts.
RDPY - RDP Security Tool For Hacking Remote Desktop Protocol RDPY – RDP Security Tool For Hacking Remote Desktop Protocol
RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.
Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.
SNIFFlab - Create Your Own MITM Test Environment SNIFFlab – Create Your Own MITM Test Environment
SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point.
Skype Log Viewer Download - View Logs on Windows Skype Log Viewer Download – View Logs on Windows
Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.
Ethereum Parity Bug Destroys Over $250 Million In Tokens Ethereum Parity Bug Destroys Over $250 Million In Tokens
If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically binned $280 Million + ETH.


Comments are closed.